CVE-2023-44284

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
dellCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
dellpowerprotect_data_protection
𝑥
< 2.7.6
dellapex_protection_storage
𝑥
< 6.2.1.110
dellapex_protection_storage
7.0 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain
𝑥
< 6.2.1.110
dellpowerprotect_data_domain
7.0 ≤
𝑥
< 7.12.0.0
dellpowerprotect_data_domain_management_center
𝑥
< 6.2.1.110
dellpowerprotect_data_domain_management_center
7.0 ≤
𝑥
< 7.13.0.10
dellemc_data_domain_os
𝑥
< 6.2.1.110
dellemc_data_domain_os
7.0 ≤
𝑥
< 7.12.0.0
dellemc_data_domain_os
7.7 ≤
𝑥
< 7.7.5.25
dellemc_data_domain_os
7.10 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain_management_center
7.7 ≤
𝑥
< 7.7.5.25
dellpowerprotect_data_domain_management_center
7.10 ≤
𝑥
< 7.10.1.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities